commit 1444c016b3cc6db83e809725f9d69b1f5746b5c8 · soopy.moe/gensokyo

+5 -2

creds/sops/koumakan/default.yaml

···

       80
        
           s3:

     

       81
        
               key_id: ENC[AES256_GCM,data:ONhytMHluXYgZw0hErBid5PmD+o=,iv:j6NPjLPIPN3rNs/RSDoqhYqGaZ11ZZwyM3Q4SoXviKY=,tag:oc+L6+TwAy/OLKQVfZsdww==,type:str]

     

       82
        
               key_secret: ENC[AES256_GCM,data:41QIwGRJP3Pw2fsYgZIG3wk6GLCy3EeJszwM+kdGrjriIfCXs6D45g==,iv:sWMgzhIh9VnBbiuv1jg+ZIfolHtuaxamthp3OKwOVgc=,tag:JLIHG5f4tdjaJxP5Il+nFA==,type:str]

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       83
        
       sops:

     

       84
        
           kms: []

     

       85
        
           gcp_kms: []

     
···

       113
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       114
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       115
        
                   -----END AGE ENCRYPTED FILE-----

     

       116
       -
           lastmodified: "2025-02-15T09:47:22Z"

     

       117
       -
           mac: ENC[AES256_GCM,data:ISdAk0PXufIAziqFBB5Oq3kfJ9SMk9EQsMIO0fc2G7ysDKRUvBpoV3chMUPevRdxtAclxNHMwBsUFsU+qUIgcpTLMqcEq9CFIkno+sBovRw5/5A9+OUdwPmjI2HGRG9K+iISYrSghir9oeuW+DjvZEvWTpPSsMSfvXF6y8Xi/tY=,iv:m8XCdKFOh26Vvl3Bl9qJCINRwwyvOJdzlDpPP5zO8hc=,tag:JaGqHWCIlswjIuslZEDeIg==,type:str]

     

       118
        
           pgp: []

     

       119
        
           unencrypted_suffix: _unencrypted

     

       120
        
           version: 3.9.4

···

       80
        
           s3:

     

       81
        
               key_id: ENC[AES256_GCM,data:ONhytMHluXYgZw0hErBid5PmD+o=,iv:j6NPjLPIPN3rNs/RSDoqhYqGaZ11ZZwyM3Q4SoXviKY=,tag:oc+L6+TwAy/OLKQVfZsdww==,type:str]

     

       82
        
               key_secret: ENC[AES256_GCM,data:41QIwGRJP3Pw2fsYgZIG3wk6GLCy3EeJszwM+kdGrjriIfCXs6D45g==,iv:sWMgzhIh9VnBbiuv1jg+ZIfolHtuaxamthp3OKwOVgc=,tag:JLIHG5f4tdjaJxP5Il+nFA==,type:str]

     

       83
       +
       tangled:

     

       84
       +
           knot:

     

       85
       +
               key: ENC[AES256_GCM,data:c592aVa7BI0LArjgeKv2S3keUOiJw5CPCUIH/tiedeHVXbUqSQZGzNu7NfXoGdVnnkv/qW8FQGK8w5QWI0YxEw==,iv:KOePG824ljudnHk5DjFYGg6KhRXTPsw4SjXdwyx4/js=,tag:fioM69c2dTvxbIhtTM2gwA==,type:str]

     

       86
        
       sops:

     

       87
        
           kms: []

     

       88
        
           gcp_kms: []

     
···

       116
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       117
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       118
        
                   -----END AGE ENCRYPTED FILE-----

     

       119
       +
           lastmodified: "2025-03-11T17:05:46Z"

     

       120
       +
           mac: ENC[AES256_GCM,data:Vg4XtRaANJw34c5ExKD4IL7xRmdGA9Ax/cHVdSNlX6jFD7BCcmmDm4kKD1DfHxgsKv+E0ZrPaxvJ3gKsn9TY4nQ2bOH76wIyrfWhBi9OBAHiP8+ZuURmWs1bt2muM/lMdxF2qYdmEEbZDQOmyLRRJxhB8FJECqq0Aqwen//kad0=,iv:VamakU+pvisODZi8Evc93x3do/sflVYZECZdou1hMsg=,tag:q0hmlV/A0zwP4uMXpwWtrg==,type:str]

     

       121
        
           pgp: []

     

       122
        
           unencrypted_suffix: _unencrypted

     

       123
        
           version: 3.9.4

+1

systems/koumakan/configuration.nix

···

       6
        
           inputs.mystia.nixosModules.anubis

     

       7
        
           inputs.hydra.nixosModules.hydra

     

       8
        
           inputs.buildbot-nix.nixosModules.buildbot-master

     

       0
        
       
     

       9
        
       

     

       10
        
           ./hardware-configuration.nix

     

       11

···

       6
        
           inputs.mystia.nixosModules.anubis

     

       7
        
           inputs.hydra.nixosModules.hydra

     

       8
        
           inputs.buildbot-nix.nixosModules.buildbot-master

     

       9
       +
           inputs.knotserver-module.nixosModules.default

     

       10
        
       

     

       11
        
           ./hardware-configuration.nix

     

       12

+1

systems/koumakan/services/scm/default.nix

···

       1
        
       {...}: {

     

       2
        
         imports = [

     

       3
        
           ./forgejo.nix

     

       0
        
       
     

       4
        
         ];

     

       5
        
       }

···

       1
        
       {...}: {

     

       2
        
         imports = [

     

       3
        
           ./forgejo.nix

     

       4
       +
           ./tangled-knot.nix

     

       5
        
         ];

     

       6
        
       }

-1

systems/koumakan/services/scm/forgejo.nix

···

       234
        
         # }}}

     

       235
        
       }

     

       236
        
       # vim:foldmethod=marker

     

       237
       -

···

       234
        
         # }}}

     

       235
        
       }

     

       236
        
       # vim:foldmethod=marker

     

       0

+39

systems/koumakan/services/scm/tangled-knot.nix

···

       1
       +
       {_utils, config, ...}: let

     

       2
       +
         secrets = _utils.setupSecrets config {

     

       3
       +
           namespace = "tangled";

     

       4
       +
           secrets = ["knot/key"];

     

       5
       +
         };

     

       6
       +
       in {

     

       7
       +
         imports = [secrets.generate

     

       8
       +
       

     

       9
       +
         (secrets.mkTemplate "knotserver.env" ''

     

       10
       +
           KNOT_SERVER_SECRET=${secrets.placeholder "knot/key"}

     

       11
       +
         '')

     

       12
       +
         ];

     

       13
       +
       

     

       14
       +
         services.tangled-knotserver = {

     

       15
       +
           enable = true;

     

       16
       +
           gitUser = "knot";

     

       17
       +
       

     

       18
       +
           repo.mainBranch = "meow";

     

       19
       +
           server = {

     

       20
       +
             hostname = "enanan.staging.soopy.moe";

     

       21
       +
             listenAddr = "127.0.0.1:34195";

     

       22
       +
             internalListenAddr = "127.0.0.1:34196";

     

       23
       +
           };

     

       24
       +
       

     

       25
       +
           extraSshdConfig = ''

     

       26
       +
             Banner none

     

       27
       +
             PasswordAuthentication no

     

       28
       +
             KbdInteractiveAuthentication no

     

       29
       +
           '';

     

       30
       +
         };

     

       31
       +
       

     

       32
       +
         services.nginx.virtualHosts."enanan.staging.soopy.moe" = _utils.mkSimpleProxy {

     

       33
       +
           port = 34195;

     

       34
       +
           extraConfig = {

     

       35
       +
             useACMEHost = null;

     

       36
       +
             enableACME = true;

     

       37
       +
           };

     

       38
       +
         };

     

       39
       +
       }